summaryrefslogtreecommitdiff
path: root/lang
diff options
context:
space:
mode:
authorseb <seb@pkgsrc.org>2006-06-19 07:52:59 +0000
committerseb <seb@pkgsrc.org>2006-06-19 07:52:59 +0000
commit83499fbef4a32eab46cb00fb12dcbe519faac6b7 (patch)
tree61a1c4d14895f0383ee8d5364638cc1dd4c97836 /lang
parent3d3e981e74dbcf122590c740e1511e0d0a735643 (diff)
downloadpkgsrc-83499fbef4a32eab46cb00fb12dcbe519faac6b7.tar.gz
Update mysql4-client and mysql4-server to version 4.1.20.
Most notably this version includes fixes for http://secunia.com/advisories/20365/ and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0903 The fix for the latter was provided in PR pkg/33616 by Cedric Devillers, cedric dot devillers at script dottt univ-paris7 dot fr, and is not part of the upstream version 4.1.20. * Changes since last packaged version (4.1.19) (see http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html for me details): This is a security fix release for the previous production release family. This release includes the security fix described later in this section and a few other changes to resolve build problems, relative to the last official MySQL release (4.1.19). Bugs fixed: - Security fix: An SQL-injection security hole has been found in multi-byte encoding processing. The bug was in the server, incorrectly parsing the string escaped with the mysql_real_escape_string() C API function. (CVE-2006-2753, Bug#8378) This vulnerability was discovered and reported by Josh Berkus <josh@postgresql.org> and Tom Lane <tgl@sss.pgh.pa.us> as part of the inter-project security collaboration of the OSDB consortium. - The patch for Bug#8303 broke the fix for Bug#8378 and was undone. (In string literals with an escape character (\) followed by a multi-byte character that has a second byte of (\), the literal was not interpreted correctly. The next byte now is escaped, not the entire multi-byte character. This means it a strict reverse of the mysql_real_escape_string() function.) - The client libraries had not been compiled for position-indpendent code on Solaris-SPARC and AMD x86_64 platforms. (Bug#13159, Bug#14202, Bug#18091) - Running myisampack followed by myisamchk with the --unpack option would corrupt the auto_increment key. (Bug#12633)
Diffstat (limited to 'lang')
0 files changed, 0 insertions, 0 deletions